Vulnerabilities > Elastic > Kibana > 5.6.15

DATE CVE VULNERABILITY TITLE RISK
2022-11-18 CVE-2021-22141 Open Redirect vulnerability in Elastic Kibana
An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16.
network
low complexity
elastic CWE-601
6.1
6.1
2022-11-18 CVE-2021-37936 Cross-site Scripting vulnerability in Elastic Kibana
It was discovered that Kibana was not sanitizing document fields containing HTML snippets.
network
low complexity
elastic CWE-79
5.4
5.4
2021-05-13 CVE-2021-22136 Insufficient Session Expiration vulnerability in Elastic Kibana
In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected.
local
low complexity
elastic CWE-613
3.6
3.6
2021-05-13 CVE-2021-22139 Resource Exhaustion vulnerability in Elastic Kibana
Kibana versions before 7.12.1 contain a denial of service vulnerability was found in the webhook actions due to a lack of timeout or a limit on the request size.
network
low complexity
elastic CWE-400
4.0
4.0
2020-06-03 CVE-2020-7015 Cross-site Scripting vulnerability in Elastic Kibana
Kibana versions before 6.8.9 and 7.7.0 contains a stored XSS flaw in the TSVB visualization.
network
elastic CWE-79
3.5
3.5
2020-06-03 CVE-2020-7013 Code Injection vulnerability in multiple products
Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB.
network
low complexity
elastic redhat CWE-94
6.5
6.5
2019-12-18 CVE-2019-7621 Cross-site Scripting vulnerability in Elastic Kibana
Kibana versions before 6.8.6 and 7.5.1 contain a cross site scripting (XSS) flaw in the coordinate and region map visualizations.
network
elastic CWE-79
3.5
3.5
2019-07-30 CVE-2019-7616 Server-Side Request Forgery (SSRF) vulnerability in Elastic Kibana
Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery (SSRF) flaw in the graphite integration for Timelion visualizer.
network
low complexity
elastic CWE-918
4.9
4.9
2018-09-19 CVE-2018-3830 Cross-site Scripting vulnerability in multiple products
Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
network
low complexity
elastic redhat CWE-79
6.1
6.1
2018-03-30 CVE-2018-3818 Cross-site Scripting vulnerability in Elastic Kibana
Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
network
elastic CWE-79
4.3
4.3